> > gpg: Can't check signature: No public key
Verified with Andrzej that this is due to the smoke test scripts overwriting old-style gpg files, even if they are currently in use. This has been addressed in https://github.com/apache/solr-operator/pull/260 On Tue, Apr 20, 2021 at 9:56 AM Houston Putman <[email protected]> wrote: > Thanks so much for the detailed response, Andrzej. > > Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is >> deprecated in v1.16+, unavailable in v1.22+ ..... > > > Unfortunately that is an issue with the Zookeeper Operator project not > having a more up-to-date CRD type available. We can manually fix this in > future releases if we need to. It's a very small change. > As mentioned in the response to Mike above, we currently copy this file > as-is from the zookeeper-operator > <https://github.com/pravega/zookeeper-operator> project. > > I’m not getting the error that Tim reported, gpg 2.2.27 > > > This might be because you ran the smoke test first, or your up-to-date GPG > is using the old file format for some reason... More discussion on this > below. > > trying to run the smoke_test.sh fails due to unsupported flag used in one >> of the other shell scripts it uses: > > mktemp: illegal option -- - > > > Yeah, I was unaware that I was using the gnu-utils version of mktemp. > Should be fixed by: https://github.com/apache/solr-operator/pull/260 > > verify_all.sh:74 produces this warning: >> gpg: WARNING: nothing exported >> > > That is very strange, and likely why the following error happened: > > gpg: Can't check signature: No public key > > > This is very strange and I'm not exactly sure why this would be. Do you > have both a "pubring.kbx" and a "pubring.gpg" file under ~/.gnupg? > When you import the Solr keys, they should be going to the kbx file, > because of your gpg version. The gpg checks of the artifacts should be > using the ".kbx" file (because that is what gpg uses by default), and the > helm verification should be using the ".gpg" file. But I may be > misunderstanding something here. Will do some further investigation. > > - Houston > > On Tue, Apr 20, 2021 at 9:17 AM Andrzej Białecki < > [email protected]> wrote: > >> I’m using Docker Desktop 3.3.1 on macOS, with built-in Kubernetes 1.19.7. >> I ran into some issues during testing: >> >> * When creating CRDs I’m getting the following warning: >> >> bash-3.2$ kubectl create -f >> https://dist.apache.org/repos/dist/dev/solr/solr-operator/solr-operator-v0.3.0-RC1-rev8b14ce2567599561358eaa7d75210cd29fd21a41/crds/all-with-dependencies.yaml >> customresourcedefinition.apiextensions.k8s.io/solrbackups.solr.apache.org >> created >> customresourcedefinition.apiextensions.k8s.io/solrclouds.solr.apache.org >> created >> >> customresourcedefinition.apiextensions.k8s.io/solrprometheusexporters.solr.apache.org >> created >> Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is >> deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 >> CustomResourceDefinition >> >> customresourcedefinition.apiextensions.k8s.io/zookeeperclusters.zookeeper.pravega.io >> created >> >> * I’m not getting the error that Tim reported, gpg 2.2.27 >> >> * trying to run the smoke_test.sh fails due to unsupported flag used in >> one of the other shell scripts it uses: >> >> mktemp: illegal option -- - >> usage: mktemp [-d] [-q] [-t prefix] [-u] template ... >> mktemp [-d] [-q] [-u] -t prefix >> >> This is most likely due to either test_source.sh:62 or verify_all.sh:63. >> ‘mktemp’ on macOS doesn’t support the long ’—tmpdir’ option. However, it >> supports the short ‘-t’ option, which is also supported on other POSIX >> systems so maybe the best course of action would be to change the scripts >> to use the short option? >> >> * verify_all.sh:74 produces this warning: >> gpg: WARNING: nothing exported >> >> If I go step by step through the script, the previous lines that import >> the Solr KEYS would have already created the pubring.gpg file, so this kind >> of makes sense? >> >> And finally the script fails with the following: >> >> Downloaded: 20 files, 2,8M in 10s (282 KB/s) >> Veryifying: crds/all-with-dependencies.yaml >> all-with-dependencies.yaml: OK >> gpg: Signature made Thu 15 Apr 21:56:51 2021 CEST >> gpg: using RSA key 50E3EE1C91C7E0CB4DFB007B369424FC98F3F6EC >> gpg: Can't check signature: No public key >> Invalid signature for all-with-dependencies.yaml. Aborting! >> >> >> >> On 19 Apr 2021, at 18:51, Houston Putman <[email protected]> wrote: >> >> Some additional information on: >> >> >>> [UNKNOWN] why are we releasing zookeeperclusters.yaml with our crds? >>> >> >> We have to include the zookeeperclusters.yaml in our source code, >> because it is required as a part of the unit testing. >> Unless we want to remove Zookeeper Operator integration testing from the >> repo, it's not an option to remove that yaml file. >> Therefore, I don't think there is additional harm in releasing the >> ZookeeperCluster CRD yaml with our Solr CRDs for user convenience. >> >> - Houston >> >> On Thu, Apr 15, 2021 at 5:28 PM Houston Putman <[email protected]> >> wrote: >> >>> That's because helm is annoying and doesn't support the newer version of >>> gpg key files. >>> >>> The smoke test does this for you but you can run this first and it >>> should work: >>> gpg --export >~/.gnupg/pubring.gpg >>> >>> - Houston >>> >>> On Thu, Apr 15, 2021 at 5:23 PM Timothy Potter <[email protected]> >>> wrote: >>> >>>> This looks like something funky with my gnupg setup locally, but I got >>>> this: >>>> >>>> helm install --debug --verify solr-operator >>>> solr-operator-rc/solr-operator --set image.tag=v0.3.0-rc1 >>>> install.go:172: [debug] Original chart version: "" >>>> Error: failed to load keyring: open /Users/tjp/.gnupg/pubring.gpg: no >>>> such file or directory >>>> helm.go:81: [debug] open /Users/tjp/.gnupg/pubring.gpg: no such file >>>> or directory >>>> failed to load keyring >>>> helm.sh/helm/v3/pkg/downloader.VerifyChart >>>> >>>> Removing the --verify unblocked me >>>> >>>> On Thu, Apr 15, 2021 at 4:03 PM Mike Drob <[email protected]> wrote: >>>> > >>>> > -1 >>>> > >>>> > [OK] Verified signatures >>>> > [OK] Verified checksums >>>> > >>>> > [BAD] helm-carts/index.yaml missing licence header >>>> > [BAD] most yaml files in source tarball are missing license headers >>>> > [BAD] Makefile missing license header >>>> > >>>> > [UNKNOWN] what is helm-charts/solr-operator-0.3.0.tgz.prov? It looks >>>> > like a gpg signed yaml file, maybe this is part of the helm standard >>>> > but the filename looks confusing to me. >>>> > [UNKNOWN] why are we releasing zookeeperclusters.yaml with our crds? >>>> > It's not our code, I don't want us to be forking it. Do we have to >>>> > include it?' >>>> > >>>> > Will continue testing and reviewing, but those were the first things >>>> that I saw. >>>> > >>>> > On Thu, Apr 15, 2021 at 4:20 PM Houston Putman <[email protected]> >>>> wrote: >>>> > > >>>> > > Updated the release wizard, but not my draft email.... >>>> > > >>>> > > You need to clone the solr-operator repository and checkout the >>>> release-0.3 branch before running the smoke test. >>>> > > And you should run the smoke test from the base directory of the >>>> solr-operator repo. >>>> > > >>>> > > Hope it goes smoothly for everyone! >>>> > > >>>> > > - Houston >>>> > > >>>> > > On Thu, Apr 15, 2021 at 3:53 PM Houston Putman <[email protected]> >>>> wrote: >>>> > >> >>>> > >> Please vote for release candidate 1 for the Solr Operator v0.3.0 >>>> > >> >>>> > >> The artifacts can be downloaded from: >>>> > >> >>>> https://dist.apache.org/repos/dist/dev/solr/solr-operator/solr-operator-v0.3.0-RC1-rev8b14ce2567599561358eaa7d75210cd29fd21a41 >>>> > >> >>>> > >> You can run the full smoke tester, with instructions below. >>>> > >> However, it is also encouraged to go and use the artifacts >>>> yourself in a test Kubernetes cluster. >>>> > >> The smoke tester does not require you to download or install the >>>> RC artifacts before running. >>>> > >> If you plan on just running the smoke tests, then ignore all other >>>> instructions. >>>> > >> >>>> > >> The artifacts are layed out in the following way: >>>> > >> * solr-operator-v0.3.0.tgz - Contains the source release >>>> > >> * crds/ - Contains the CRD files >>>> > >> * helm/ - Contains the Helm release packages >>>> > >> >>>> > >> The RC Docker image can be found at: >>>> > >> apache/solr-operator:v0.3.0-rc1 >>>> > >> >>>> > >> The RC Helm repo can be added with: >>>> > >> helm repo add solr-operator-rc >>>> https://dist.apache.org/repos/dist/dev/solr/solr-operator/solr-operator-v0.3.0-RC1-rev8b14ce2567599561358eaa7d75210cd29fd21a41/helm-charts >>>> > >> >>>> > >> You can install the RC Solr Operator and CRDs with: >>>> > >> kubectl create -f >>>> https://dist.apache.org/repos/dist/dev/solr/solr-operator/solr-operator-v0.3.0-RC1-rev8b14ce2567599561358eaa7d75210cd29fd21a41/crds/all-with-dependencies.yaml >>>> > >> helm install --verify solr-operator >>>> solr-operator-rc/solr-operator --set image.tag=v0.3.0-rc1 >>>> > >> >>>> > >> You can run the full smoke tester directly with this command: >>>> > >> >>>> > >> ./hack/release/smoke_test/smoke_test.sh -v "v0.3.0" -s "8b14ce2" >>>> -i "apache/solr-operator:v0.3.0-rc1" \ >>>> > >> -l ' >>>> https://dist.apache.org/repos/dist/dev/solr/solr-operator/solr-operator-v0.3.0-RC1-rev8b14ce2567599561358eaa7d75210cd29fd21a41 >>>> ' >>>> > >> >>>> > >> Make sure you have the following installed before running the >>>> smoke test: >>>> > >> - Docker (Give it enough memory and CPU to run ~12 containers, 3 >>>> of which are Solr nodes) >>>> > >> - Go 1.16 >>>> > >> - Kubectl >>>> > >> - GnuPG >>>> > >> - Helm v3.4.0+ >>>> > >> - Kustomize (v4.0.0+) This will be installed for you, but NOT >>>> upgraded if a lower version is already installed. >>>> > >> - yq >>>> > >> - jq >>>> > >> >>>> > >> The vote will be open for at least 72 hours i.e. until 2021-04-20 >>>> 21:00 UTC. >>>> > >> (I have extended this to Tuesday, since the vote occurs over a >>>> weekend) >>>> > >> >>>> > >> [ ] +1 approve >>>> > >> [ ] +0 no opinion >>>> > >> [ ] -1 disapprove (and reason why) >>>> > >> >>>> > >> Here is my +1 >>>> > >>>> > --------------------------------------------------------------------- >>>> > To unsubscribe, e-mail: [email protected] >>>> > For additional commands, e-mail: [email protected] >>>> > >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [email protected] >>>> For additional commands, e-mail: [email protected] >>>> >>>> >>
